
Open source downloads are an endangered species | Opensource.com

With recent news that GitHub is banning storage of any file over 100Mb and discouraging files larger than 50Mb, their retreat from offering download services is complete. It's not a surprising trend; dealing with downloads is unrewarding and costly. Not only is there a big risk of bad actors using download services to conceal malware downloads for their badware activities, but additionally anyone offering downloads is duty-bound to police them at the behest of the music and movie industries or be treated as a target of their paranoid attacks. Policing for both of these—for malware and for DMCA violations—is a costly exercise.

As a consequence we've seen a steady retreat from offering downloads, even by those claiming to serve the open source community. First GitHub bowed out of offering the service, claiming that it was "confusing" for the clients. More recently Google followed suit, bringing Google Code Download services to an end. They stated that "downloads have become a source of abuse, with a significant increase in incidents recently." Community reactions to this have been mixed.

GitHub didn't have an alternative plan for its users and clearly has no desire to be a full-service community host. Google suggested using its Drive cloud file storage service to host files, though this is clearly far from ideal as, for a start, no analytics are available for downloaders. Small projects are left with a rapidly decreasing number of options. They could pay of course, for S3, but for a free downloader solution SourceForge seem to be the only high-profile answer. SourceForge are doing everything in their power to make it easy for users of Google Code and GitHub to transition across to their service and GitHub have even included a link to SourceForge in their help pages, recommending them as a viable alternative. SourceForge assures us that they have no intention of shutting down their upload/download services at all.

SourceForge providing an alternative is potentially handy for those whose projects would otherwise be held up by this lapse in services and they will no doubt welcome the wave of new users. The issue shouldn't be coming up at all though. Confusion for and abuse by users may sound like reasonable pretexts, but perhaps the real problem encountered by both the closing services is a somewhat less reasonable one. There's a growing expectation that they should regulate the downloads, acting the part of police on behalf of copyright holders.

The pressure to behave that way, whether through a desire to preserve a safe harbour status or simply to tread carefully in the eyes of the law, is an unreasonable hack that appears to mend copyright law online but in fact abdicates the responsibility of legislators to properly remake copyright law for the meshed society and over-empowers legacy copyright barons. These changes to downloads are an inconvenience for open source developers, but should serve as a warning to the rest of us that the copyright system is beyond simple patching.

Indeed, looks interesting. It would have been good if GitHub had waited until this feature was available before banning downloads from repos. Note that this article was originally published in June: http://meshedinsights.com/2013/06/04/no-more-downloads/ when the only reality was they had just banned downloads...

back before sourceforge and github the world used mirrors such as this ftp://ftp.heanet.ie/mirrors/ where projects had data at "project.org" and they ran cvsup or svn or some other tool for managing the source tree, we'll end up going back that way but with newer cooler ideas on how contributing and management of core projects are done

it's harsh on those who use git-hub it's harsh on those who use other parties but at the end of the day the idea that if you are interested you will find a way to scratch the itch will work again

it's all fun and changes here on the planet where the only constant is change ;-)

I don't think you can really blame companies for having to deal with the realities of operating online services. I see no issue with GitHub's actions. They are a source code repository, not a file storage service. I would hardly call staying within the bounds of the law an unreasonable hack. It's unfortunate that some people have caused this to be an issue by exploiting these services. Blaming the services for instituting limits on what is largely a free service, though, is like "biting the hand that feeds you".

Perhaps it's not all the story here, people have in various projects searched for copyright compliance and passed this information back to the upstream when it was found wanting. There was a potential issue in this space, however the community managed it very well. SCO being an interesting agent of change in community perception, which people in various projects have taken to heart and added to their process as a result.

The problem of legacy copyright institutions beating up legit copyright owners is well documented, be it youtube or other places, however the ability to mitigate that problem is harder to manage than herding cats.

The only thing close to it was the whole reaction to SOPA in the US and the reactions to its ilk internationally.

While the OSS community is a threat to the publishers business model and they are a bigger threat to their own business by means of not publishing or releasing to all markets at the same time that's a different story and it actually needs tackling. The job of the publishers as they see it themselves is to control the path to the market.

Back to GitHub they had a genuine gripe against large files, but they set themselves up for it. They had to react if it was going to kill them, they did. The choice of method might be open to debate as to the elegance of the solution.

Is it really that the other question that falls out of this is at what point does something that was reasonable become unreasonable and when that happens what is a good way for a group or organisation to react.

The article picture has the great phrase
Change the model
this was what my initial reaction was to.

These are just some thoughts on the broader article, and what it touches on.

This ruling also put the compliance back on the provider of the device. This might put the compliance requirement back on the webhost.

So there is really a requirement for build farms for places like github to use. So they can be sure the binary they are providing is legal. This also reduces possible malware.

Also changing to where user uploads something as a release instead of general source is another way so you can have that the supplier lied to you.

By the way binaries in git archives is not what you call space effective either. Yes github got its press releases in the wrong order. Releases bit came on line before the repo stuff was disabled. But they failed to send out a press release about Releases feature being implemented first.

Given that maybe one in three open source libraries or utilities will compile when downloaded, as often because one's system is too up to date as not up to date enough, this is awful. I really need to step up my virtualization game if I am going to keep using open source code.


Computer industry veteran Simon Phipps has been involved at a strategic level in some of the world’s leading technology companies for decades. He has worked in such hands-on roles as field engineer, programmer and systems analyst, as well as run a software publishing company. He worked with networking standards in the eighties, on the first commercial collaborative conferencing software in the nineties, and helped introduce both Java and XML at IBM.


The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat.

Opensource.com aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. Red Hat and the Shadowman logo are trademarks of Red Hat, Inc., registered in the United States and other countries.